OpenCTI-Platform / connectors

OpenCTI Connectors
https://www.opencti.io
Apache License 2.0

ThreatFox - Add support for sha3_384_hash IOC #1846

Open atluxity opened 6 months ago

atluxity commented 6 months ago

Description

According to the ThreatFox statistics page, there have been 21 IOCs of type sha3_384_hash added to ThreatFox, but the connector does not support it.

Environment

  1. Ubuntu 22.04 LTS
  2. OpenCTI version: OpenCTI 5.12.31
  3. OpenCTI client: frontend
  4. Other environment details:

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Set up ThreatFox connector
  2. Submit sha3_384 hash to ThreatFox
  3. Notice lack of import

Expected Output

Expected import of sha3_384 hash into OpenCTI as indicator

Actual Output

Nothing, not supported by connector, ignored.

Additional information

As far as I understand, it is a matter of updating the README for documentation, and line https://github.com/OpenCTI-Platform/connectors/blob/master/external-import/threatfox/src/main.py#L239

But as I do not have a proper setup to test before a yolo commit, I am reluctant to start fiddling with it.

nino-filigran commented 6 months ago

@daemitus, @GoZ8, @prisma2user I see that at some point you all have contributed to this connector. Would you mind having a look at this issue?

daemitus commented 6 months ago

Does OpenCTI even support it, or would this just end up being an observable with an empty hash?

Jipegien commented 6 months ago

Currently, OpenCTI does not support this type of hash. We need to implement it in the platform first. It is not something we plan to do in the short term.